hashfile-mcp

hashfile-mcp

Provides reliable file editing through hash-anchored operations.

Category
Visit Server

README

Hashfile MCP Server

Fine-Grained Control for AI File Operations β€” A Model Context Protocol (MCP) server that gives you surgical precision over file editing and ironclad control over file access.

Why Hashfile MCP?

🎯 Surgical File Editing

Unlike traditional line-number-based editing that breaks when files change, Hashfile uses content-anchored operations:

  • Hash-Anchored Lines: Every line tagged with a content hash β€” edits target the right content, not just the right line number
  • Fuzzy Matching: Automatically finds moved lines even after insertions/deletions
  • Collision Detection: File-level verification prevents editing stale content
  • Multi-Operation Edits: Apply multiple precise changes in a single atomic operation

πŸ”’ Ironclad Access Control

Take complete control over what AI agents can touch with AGENTS.md frontmatter:

  • forbidden: Block access to secrets, credentials, sensitive data
  • read_only: Allow reading schemas, configs, lock files β€” prevent modifications
  • ignore: Hide generated code, dependencies, build artifacts from AI context
  • Hierarchical Discovery: Place AGENTS.md anywhere in your tree β€” nearest file wins
  • Glob Patterns: Fine-tune access with wildcards (secrets/**, **/*.env)

πŸ“– Full AGENTS.md Documentation | πŸ“‹ Proposal Spec

πŸ› οΈ Drop-In Filesystem Compatibility

All standard MCP filesystem tools included:

  • list_directory β€” Browse with [FILE]/[DIR] prefixes
  • directory_tree β€” Compact tree view (10x more token-efficient than JSON)
  • create_directory β€” Recursive directory creation
  • move_file β€” Rename/move files and directories
  • write_file β€” Raw UTF-8 writes (non-hashline)
  • read_multiple_files β€” Batch reads in one operation

Features at a Glance

Feature Benefit
Hash-Anchored Editing Edits survive file changes β€” no more "line 42 doesn't match" errors
Content Verification 6-character file hashing prevents race conditions
AGENTS.md Support Declarative access control β€” protect secrets, lock schemas, hide noise
Fuzzy Line Matching Finds the right line even after insertions/deletions
9 MCP Tools 3 hashline tools + 6 standard filesystem tools
Zero Dependencies Pure Rust, compiles to a single binary

Installation

cargo build --release

The binary will be at target/release/hashfile-mcp.

Quick Start

1. Configure Your MCP Client

Add to Claude Desktop or your MCP client config:

{
  "mcpServers": {
    "hashfile": {
      "command": "/path/to/hashfile-mcp/target/release/hashfile-mcp"
    }
  }
}

2. (Optional) Add Access Control

Create AGENTS.md in your project root:

---
forbidden:
  - "secrets/**"
  - "**/*.env"
  - ".git/**"

read_only:
  - "package-lock.json"
  - "Cargo.lock"
  - "schema.sql"

ignore:
  - "node_modules/**"
  - "target/**"
  - "**/*.generated.ts"
---

# Project Instructions

Your custom instructions for AI agents here...

3. Start Editing

The AI can now:

  • βœ… Read and edit source files with hash-anchored precision
  • βœ… Browse directories and create new files
  • ❌ Cannot touch your secrets or .env files
  • ❌ Cannot modify lock files or schemas
  • πŸ™ˆ Won't see node_modules or build artifacts

How Hashline Works

The Problem

Traditional line-number editing fails when files change:

Agent: "Replace line 42"
Reality: Someone inserted 3 lines at the top
Result: Wrong line replaced! πŸ’₯

The Solution

Content-anchored editing with hash verification:

  1. Read: Each line gets a hash tag β†’ 42:a3|const x = 1;
  2. Edit: Operations reference content, not just position β†’ "anchor": "42:a3"
  3. Apply: Server finds the line by hash, even if it moved to line 45
  4. Verify: File hash must match β€” detects if content changed since read

Reliability Features

  • File-Level Verification: 6-character hash prevents editing stale content
  • Line-Level Anchoring: 2-character hash identifies specific lines
  • Fuzzy Matching: Searches for unique hash match if line number changed
  • Conflict Detection: Clear errors if content diverged

Core Tools

Hashline Tools (Precision Editing)

read_text_file

Returns content with hash-tagged lines for reliable editing:

1:a3|import { useState } from 'react';
2:7f|
3:2c|export function Counter() {
---
hashline_version: 1
total_lines: 3
file_hash: 8f3a9b

edit_text_file

Apply hash-anchored operations:

{
  "path": "/path/to/file.ts",
  "file_hash": "8f3a9b",
  "operations": [
    {
      "op_type": "replace",
      "anchor": "3:2c",
      "content": "export function Counter({ initial = 0 }) {"
    }
  ]
}

Operation types: replace, insert_after, insert_before, delete

write_text_file

Write content and get back hashline-tagged verification

Filesystem Tools (Standard Operations)

list_directory

[DIR] src
[DIR] tests
[FILE] README.md
[FILE] Cargo.toml

directory_tree

src/
β”œβ”€β”€ agents.rs
β”œβ”€β”€ config.rs
β”œβ”€β”€ filesystem.rs
β”œβ”€β”€ hashline.rs
β”œβ”€β”€ main.rs
└── tools.rs

Supports exclude_patterns for filtering (e.g., ["**/node_modules/**", "**/.git/**"])

create_directory, move_file, write_file, read_multiple_files

Standard filesystem operations with AGENTS.md enforcement

AGENTS.md Access Control

Constraint Types

Constraint Effect Use Case
forbidden Block all access Secrets, credentials, private keys
read_only Allow reads, block writes Schemas, lock files, generated configs
ignore Hide from AI context Dependencies, build artifacts, noise

Automatic .gitignore Support

Hashfile MCP automatically respects .gitignore files in your project:

  • Hierarchical: Walks up from target file to find all .gitignore files
  • Standard syntax: Supports standard .gitignore patterns (basename, directory, path)
  • Combined with AGENTS.md: Patterns from both sources are merged
  • Zero config: Works out of the box with existing projects

Pattern conversion:

# .gitignore
*.log              β†’ **/*.log
node_modules/      β†’ node_modules/**
build/output       β†’ build/output

Precedence: AGENTS.md ignore patterns take precedence over .gitignore.

Example: Protect a Monorepo

---
forbidden:
  - "**/secrets/**"
  - "**/*.key"
  - "**/*.pem"
  - ".env*"

read_only:
  - "**/package-lock.json"
  - "**/Cargo.lock"
  - "db/schema.sql"

ignore:
  - "**/node_modules/**"
  - "**/target/**"
  - "**/.next/**"
  - "**/*.generated.*"
---

Hierarchical Control

Place AGENTS.md files at any level:

/project/AGENTS.md          ← Global rules
/project/backend/AGENTS.md  ← Backend-specific rules (overrides global)
/project/frontend/AGENTS.md ← Frontend-specific rules

The nearest AGENTS.md in the directory hierarchy applies.

Development

Run Tests

cargo test

Project Structure

src/
β”œβ”€β”€ main.rs        # MCP server setup
β”œβ”€β”€ tools.rs       # Tool definitions (9 tools)
β”œβ”€β”€ hashline.rs    # Hash-anchored editing logic
β”œβ”€β”€ filesystem.rs  # Standard filesystem operations
β”œβ”€β”€ agents.rs      # AGENTS.md frontmatter parsing
β”œβ”€β”€ config.rs      # Configuration (future: tool enablement)
└── roots.rs       # Root path management (future)

Technical Details

  • Language: Rust (edition 2021)
  • MCP SDK: rmcp 0.15.0
  • Line Hashing: FNV-1a (2 hex chars, 256 buckets)
  • File Hashing: FNV-1a (6 hex chars, 16M buckets)
  • Transport: stdio
  • Dependencies: rmcp, serde, serde_json, serde_yaml, globset, anyhow, fnv

Roadmap

  • [ ] Environment variable-based tool enablement (ENABLE_FILESYSTEM_TOOLS=true)
  • [ ] Granular tool control (ENABLE_LIST_DIRECTORY=true, etc.)
  • [ ] Additional tools: get_file_info, search_files, list_directory_with_sizes
  • [ ] Command-line argument support for configuration

License

See LICENSE file for details.

See Also

  • The Harness Problem - I Improved 15 LLMs at Coding in One Afternoon. Only the Harness Changed. - Can BΓΆlΓΌk Feb 2026
  • AGENTS.md Proposal - Frontmatter specification for agent access control

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured